I have a unix installation that's supposed to be usable both as a chroot and as a standalone system. If it's running as a chroot, I don't want to run any service (cron, inetd, and so on), because they would conflict with the host system or be redundant.

How do I write a shell script that behaves differently depending on whether it's running in a chroot? My immediate need is a modern Linux system, with /proc mounted in the chroot, and the script is running as root, but more portable answers are welcome as well. (See How do I tell I'm running in a chroot if /proc is not mounted? for the case of Linux without /proc.)

More generally, suggestions that work for other containment methods would be interesting. The practical question is, is this system supposed to be running any services? (The answer being no in a chroot, and yes in a full-fledged virtual machines; I don't know about intermediate cases such as jails or containers.)

3 Answers
3

What I've done here is to test whether the root of the init process (PID 1) is the same as the root of the current process. Although /proc/1/root is always a link to / (unless init itself is chrooted, but that's not a case I care about), following it leads to the “master” root directory. This technique is used in a few maintenance scripts in Debian, for example to skip starting udev after installation in a chroot.

(By the way, this is yet another example of why chroot is useless for security if the chrooted process has root access. Non-root processes can't read /proc/1/root, but they can follow /proc/1234/root if there is a running process with PID 1234 running as the same user.)

If you do not have root permissions, you can look at /proc/1/mountinfo and /proc/$$/mountinfo (briefly documented in filesystems/proc.txt in the Linux kernel documentation). This file is world-readable and contains a lot of information about each mount point in the process's view of the filesystem. The paths in that file are restricted by the chroot affecting the reader process, if any. If the process reading /proc/1/mountinfo is chrooted into a filesystem that's different from the global root (assuming pid 1's root is the global root), then no entry for / appears in /proc/1/mountinfo. If the process reading /proc/1/mountinfo is chrooted to a directory on the global root filesystem, then an entry for / appears in /proc/1/mountinfo, but with a different mount id. Incidentally, the root field ($4) indicates where the chroot is in its master filesystem.

This won't work in OpenBSD because it has random PIDs; the root process is basically never PID 1. Now you know why!
– Adam KatzJan 16 '15 at 5:59

@AdamKatz "... with a couple of obvious exceptions, e.g., init(8)." So which is it?
– muruJan 16 '15 at 9:40

@muru: aw, shucks. You've shot me down. I'm not sure why init(8) would absolutely need to have the #1 slot unless there's some kind of hard-coded nature that requires it (in which I'd still be unsure as to why). Of course, the BSDs have much more advanced jails than just chroot, so I'm not even sure how problematic this is.
– Adam KatzJan 16 '15 at 10:02

4

@AdamKatz It's the opposite: pid 1 has a special role (it must reap zombies, and it is immune to SIGKILL). The init program is an implementation of that role. The reason my answer doesn't work in OpenBSD has nothing to do with this: it's because OpenBSD doesn't have anything like Solaris/Linux's /proc. My answer wasn't meant to address anything but Linux anyway.
– GillesJan 16 '15 at 11:40

@Gilles I figured OpenBSD would have this defeated in some manner or other. Still, I'm surprised that all of those special role items aren't capable of being applied to an arbitrary PID (without consequences), which is what I meant in my italicized "why" earlier.
– Adam KatzJan 16 '15 at 17:11

An inode number that's different from 2 indicates that the apparent root is not the actual root of a filesystem. This will not detect chroots that happen to be rooted on a mount point, or on operating systems with random root inode numbers.

So I was fooling around, and I think I've found a more reliable method that doesn't require root permissions (Linux only). I'm still open to counter-examples or more portable methods.
– GillesNov 9 '11 at 19:15

6

This is true for ext[234], but not of all filesystems. It also only tests that your root is the root of the filesystem, which may not be mounted as the real root. In other words, if you mount another partition in /jail and chroot /jail, then it will look like the real root to this test.
– psusiNov 9 '11 at 19:26

1

@AdamKatz Apparently not. Tested in openbsd 6.0-stable, the inode number is still 2 for the actual root path while it's a random number for the chroot.
– Dmitri DBSep 16 '16 at 3:11